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EDPB Work Program 2019/2020 


The European Data Protection Board 


The European Data Protection Board (EDPB) is an independent European body, which contributes to 
the consistent application of data protection rules throughout the European Union, and promotes 
cooperation between the EU and EEA EFTA data protection supervisory authorities. The EDPB is 
established by the General Data Protection Regulation (GDPR). 


The EDPB is composed of representatives of the national EU and EEA EFTA data protection supervisory 
authorities, and the European Data Protection Supervisor (EDPS). 
The EDPB has the following main tasks: 


— To issue opinions, guidelines, recommendations and best practices to promote a common 
understanding of the GDPR and the Law Enforcement Directive; 


— To advise the European Commission on any issue related to the protection of personal data in 
the Union; 


— To contribute to the consistent application of the GDPR, in particular in cross-border data 
protection cases 


— To promote cooperation and the effective exchange of information and best practice between 
national supervisory authorities 


In line with the Article 29 of the EDPB Rules of procedure, the EDPB has developed its two-year work 
program for 2019 and 2020. After having endorsed guidelines adopted by the WP29 and after having 
issued guidelines on the interpretation of the new provisions introduced by the GDPR, the EDPB now 
aims to focus more on specific items or technologies. The work program of the EDPB is based on the 
needs identified by the members as priority for stakeholders as well as the EU legislator planned 
activities. 


The EDPB will regularly monitor the implementation of its work program which might be updated. 
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Activities for 2019-2020 


l. Guidelines 


Guidelines on Codes of Conduct and Monitoring Bodies 

Guidelines on delisting 

Guidelines on PSD2 and GDPR 

Guidelines on international transfers between public bodies for administrative 
cooperation purposes 

Guidelines Certification and Codes of Conduct as a tool for transfers 

Guidelines on Connected vehicles 

Guidelines on Certification (finalisation after the public consultation) 

Guidelines on video surveillance 

Guidelines on Data Protection by Design and by Default 

Guidelines on Targeting of social media users 

Guidelines on children’s data 

Guidelines on reliance on Art. 6(1) b in the context of online services 

Guidelines on concepts of controller and processor (Update of the WP29 Opinion) 
Guidelines on the notion of legitimate interest of the data controller (Update of the 
WP29 Opinion) 

Guidelines on the Territorial Scope of the GDPR (finalisation after the public 
consultation) 

Guidelines on the powers of DPAs in accordance with Art. 47 of the Law Enforcement 
Directive 

Guidelines on data subjects rights with main focus at a first stage on the rights of 
access, erasure, objection, restriction and limitations to these rights 


Il. Consistency opinions 


Opinion on administrative arrangement between EEA and non EEA financial market 
regulators 
Opinion on Interplay between GDPR and ePrivacy 


lll. | Other types of activities 
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Privacy Shield - Follow-up of the Joint Review 

ePrivacy Regulation 

Procedural rules on the Supervision of EU large scale IT systems 

Consultation from the Commission on the Clinical Trials Regulation 

Reflection paper on international mutual assistance and other cooperation tools to 
enforce the GDPR outside the EU (Art. 50) 

EDPB Enforcement Strategy 

FATCA - Statement in response to the European Parliament’s resolution 

Statement on the use of personal data in the context of elections 

Enhancement of existing IT solutions and development of new IT solutions 

Data breach notifications 

Consultation from the Commission on the report regarding the evaluation and review 
of the GDPR according to Art. 97 


IV. Recurrent activities 
a. Consistency opinions and decisions 
— Opinions regarding relevant draft decision from competent supervisory 
authorities, such as decisions on 


DPIA lists (Art. 35(4)-(5)) 

Codes of conduct 

Accreditation criteria for code monitoring and certification bodies 
and certification criteria under Art. 42(5) (European Data Protection 
Seal) 

Standard contractual clauses for international transfers under Art. 
46(2) 

Standard contractual clauses for processors under Art. 28(8) 

Ad hoc contractual clauses for international transfers under Art. 46(3) 
Binding Corporate Rules (Art. 47(1)) 


— Any opinion on matter of general application or producing effects in several 
member States, on the basis of a request from any supervisory authority, the 
Chair or the Commission under Art. 64(2) 

— Any binding decision in the context of dispute resolution (Art. 65(1)) or 
urgency procedure (Art. 66) 


b. Legislative consultation 
— Any opinion, statement, advice on the request of the Commission following 
the adoption of proposals for a legislative act, international agreement or 
when preparing delegated acts or implementing acts, where the act is of 
particular importance for the protection of individuals’ rights and freedoms 
with regard to the processing of personal data, such as opinions on future or 
review of existing Adequacy decisions 


V. Possible topics 
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Guidelines on the interpretation of Art. 48 GDPR 
Guidance on the interaction between the Regulation on the free flow of non-personal 


data in the EU and the GDPR 


Opinion on cross-border requests for e-evidence 
Comments on updated PNR agreement with Canada 
Update of guidance on government access to data both in Essential Guarantees paper 


and Adequacy Referential 


numbers 


Enforcement against controllers in 3rd countries 
e-Invoices and creation of centralized databases by Ministries of Finance 
Use of credit cards for distant payments and post-transaction retention of card 


Good practices regarding research projects 
Approval procedure for ad hoc contractual clauses 
— Blockchain 
Interoperability between BCRs 

Use of new technologies, such as Al, connected assistants 


